Detection and monitoring, and the subsequent management of transport systems, is becoming ever more sophisticated and also integrated as ITS spreads wider across cities and along highways and rail corridors.
Ethernet is now the dominant protocol for transferring information between the various elements in these systems and the control rooms. And as many of the functions have a safety critical element for the travelling public, stable communications are paramount. However, as the networks connecting together these elements grows in size and complexity, they become more susceptible to damage and failures.
A standard way of improving network resilience and reliability is to employ a ring configuration which brings with it redundancy so that in the case of a cable failure, the signal can still get to its destination by passing the ‘long way’ around the ring.
Ring technology is not new and has been known as RPR (Resilient Packet Ring), SONET (Synchronous Optical Network) and SDH (Synchronous Digital Hierarchy) but these are not applicable to Ethernet applications. This is unfortunate as Ethernet is increasingly popular in the transport sector – partly due to the lower hardware installation and the maintenance cost - and Ethernet Ring Protection Switching (ERPS) was introduced to overcome the link failures commonly found in networks.
ERPS, perhaps more correctly known as G.8032 and defined in ITU-T G.8032, provides Ethernet systems with redundant path technology and provides very low failover times, sub 50ms. The technology uses Ethernet switches to create a highly reliable and stable ring topology from which a robust network can be built and permits the incorporation of quality of service metrics, allowing system integrators and network designers to meet service level agreements.
Put very simply a ring or loop is a configuration where a package of data, known as a frame, can travel around an Ethernet network and end up back where it started (see figure 1). Simplistically the frame could pass endlessly from one switch to the next and keep going around and around eating up bandwidth and wreaking havoc with the MAC address tables paralysing the network.
This scenario is avoided by using loop preventing protocol on the Ethernet switches. This requires one port in one of the switches to be configured as the ‘Owner’ of the ring.
Figure 2 shows four switches configured in a ring and Switch A, port P1 is configured as the Owner. Port P1 Switch B, is directly attached to the Owner port and is designated as the ‘Neighbour’ so the system knows that it is directly connected to the owner of the ring. To prevent an endlessly-circulating loop, one of the links in this ring must not pass data. Under normal conditions with the loop intact, the Owner blocks traffic from passing thus preventing the loop while Switch B will also start blocking traffic going out of the P1 port because it has determined that the rest of the ring is intact.
The ring is therefore in a converged state – that being it has settled into a particular configuration and is no longer in a transitional state.
In figure 3 a fault has occurred between switches B and C and in less than one tenth of a second switch A and B will be notified of the fault and start allowing traffic across the link they share. At the same time switches B and C will start blocking traffic passing between them while continuing to monitor the existence of the fault.
Once the broken connection is fixed, the ring will normally revert to the original state with the Owner and Neighbour ports blocking traffic. However, the ring can be configured as non-revertive so B and C would continue blocking transmission until an administrator resets the ring to its normal state. This configuration can help trace intermittent faults and some network administrators might see non-revertive as a security feature although they should already be notified of any fault via SNMP, SMTP or Syslog even with revertive networks.
When configuring a ring, the technician will need to know which two ports will be participating in the ring, what roles they will be playing, the Ring ID, the Automatic Protection Switching (or APS) channel and if the ring is to be revertive. A screen shot from an Antaira switch shows how this information might be entered.
Port selection and role should be obvious but the Ring ID and APS channel are less so. The Ring ID is appended to each of the frames and prevents messages from one ring being confused with those from another ring using the same APS channel.
The APS channel is a virtual local area network (or VLAN) tag that is given to the frames and contains the ring control commands, called ring automatic protection switching (or R-APS) messages, and all members of the ring must have the same APS Channel. By encapsulating the frames in a VLAN the protocol can contain the R-APS messages in the ring to prevent flooding the rest of the network with useless frames.
Connectivity fault management (CFM) and line status messages are used to detect ring link and switch failure. The CFM uses continuity check messages (specified in the 802.1ag standard) which sets an interval of 3.3ms, providing a very fast fault detection and convergence of topology.
There are a few R-APS control messages worth noting here: A failure along the ring will initiate an R-APS signal failure (R-APS SF) message while also blocking the failed port. The message will be sent out by both of the switches participating in the ring that have identified the fault (that is the switches on either end of the failed connection).
On obtaining this message, the ring Owner and ring Neighbour will unblock their ports. This Ethernet ring protection (ERP) protocol works for both unidirectional failure and multiple link failure scenarios in a ring topology.
A single ring can withstand a single failure before connectivity is lost between switches. The larger the ring, the greater the potential of having more than one failure at a time and to address this, it is possible with G.8032 (version 2) to have multiple rings on a single switch. In figure 4, switches B and C have two different rings associated with them. Connectivity between A and F could sustain failure in two places if each failure occurred on different rings.
By adding more rings the network becomes more resilient to failure and starts to take on the look of a ladder and is referred to as a multi-ring/ladder network.
However, no single technology is ideal for every application. Other types of rings and technologies use ‘Spanning Tree’ based redundancy which is typically slower to converge than ERPS rings but can require less configuration depending on how it is implemented. Generally, the spanning tree technologies work best in smaller networks as it can become slow when too many devices are connected.
Proprietary rings are also well established but are not viable in heterogeneous networks or networks using multiple hardware manufacturers’ products - which is becoming more prevalent as more suppliers enter the networking market.
Some originally proprietary ring technologies have been opened up for other manufacturers such as Media Redundant Protocol which operates at the MAC layer of the Ethernet switches. It is an evolution of the HiPER-Ring protocol used by Hirschman switches since 2003.
These changes mean that today it is far easier and cheaper to prevent an outage of detection, monitoring and control systems than recover from one, so consider protecting your network now rather than waiting for the inevitable.
ABOUT THE AUTHOR: David Zaveski is a field applications engineer with industrial networking and communication product specialist Antaira Technologies.
